zeronetworks / rpcfirewallLinks
☆522Updated 2 months ago
Alternatives and similar repositories for rpcfirewall
Users that are interested in rpcfirewall are comparing it to the libraries listed below
Sorting:
- A centralized resource for previously documented WDAC bypass techniques☆573Updated 3 months ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆335Updated 2 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆508Updated 3 years ago
- Event Tracing For Windows (ETW) Resources☆396Updated 10 months ago
- Aims to identify sleeping beacons☆615Updated 8 months ago
- ☆500Updated last year
- ☆252Updated last year
- Scan installed EDRs and AVs on Windows☆592Updated last month
- ☆382Updated 2 years ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆287Updated last year
- Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for…☆487Updated 2 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆226Updated 4 years ago
- Extracted Yara rules from Windows Defender mpavbase and mpasbase☆456Updated 2 weeks ago
- A PowerShell armoury for security guys and girls☆473Updated last year
- ☆417Updated 3 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆970Updated last year
- An effort to track security vendors' use of Microsoft's Antimalware Scan Interface☆252Updated 3 years ago
- A C# utility for interacting with SCCM☆650Updated last week
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆769Updated last year
- ☆204Updated 9 months ago
- Active Directory delegation management tool☆318Updated 2 years ago
- PoCs and tools for investigation of Windows process execution techniques☆935Updated last month
- Sysmon-Like research tool for ETW☆364Updated 2 years ago
- Ransomware simulator written in Golang☆445Updated 3 years ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆854Updated 3 years ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆656Updated 2 years ago
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.☆179Updated 7 months ago
- Sysmon configuration file template with default high-quality event tracing☆505Updated 3 weeks ago
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.☆416Updated 11 months ago
- Cobalt Strike Beacon configuration extractor and parser.☆155Updated 4 years ago